By Susan Twombly, October 2009
While traditional security solutions focus on prevention and managing risks, they often inhibit the operations they seek to protect. Today, security must be a business enabler – empowering you to open up the enterprise to customers, suppliers and partners – yet in a way that helps you manage risk and ensure compliance.
But the very thought of “opening up” your enterprise – and the multiple points of vulnerabilities that can occur as a result – may cause you to employ a “more is better” security strategy. In fact, some large companies may work with hundreds of security vendors to ward off an ever-increasing barrage of security threats.
This approach isn’t just expensive, it’s exhaustive. To close the security gaps between these solutions that could leave you vulnerable, you must devote time and money to integrate them into your solutions. It’s also frustrating that, while all of these defensive actions can help make the business more secure, they may do little to move the business forward.
That’s why we created HP Secure Advantage, a pre-integrated portfolio of hardware, software and services from HP and HP partners, designed to help you defend resources, protect data and validate compliance – from desktop to data center to cloud.
Here are just a few examples of how we’ve worked with our Secure Advantage Alliance partners to do the integration work for you – to help you close security gaps, open the business for new opportunities and free your resources for more value-add activities that advance the business.
Security gaps can be like a leaky roof: You often don’t know where the holes are until it rains. All too often, companies find their security holes only after a virus or worm has wiggled through.
With an HP Information Security Risk Assessment Service, you can understand where the gaps are across your enterprise, the associated risks and where you’re over or under spending on security, to get a better handle on costs.
This “soup to nuts” service includes an assessment of the IT resources you use to deliver services; your data at rest, in use and in motion inside and outside your enterprise; and your compliance requirements. With HP, you don’t have to buy separate consulting and evaluation services for each area, because your assessment extends across your operations.
Using a standards-based HP Information Security Service Management (ISSM) reference model, HP security experts help you build a plan to manage and mitigate risks by deploying highly operationalized security controls throughout the business.
We help reduce the time and cost required for risk management and regulatory compliance by mapping each of these security controls into controls for people, policy, process, product and proof (auditability). By correlating these control points, we can help eliminate redundancies and highlight areas needing additional controls.
To reduce complexity, we’ve also integrated the breadth of our services portfolio with the breadth of security products from HP and partners. So, it’s much easier to select the exact solutions you need to address specific security gaps and priorities. Knowing precisely where to devote security dollars can also help you avoid a “more is better” approach to security for better cost control.
The sheer volume of event log data – and the variety of sources it comes from across the enterprise – makes it difficult to manage for compliance and security. That’s where the
HP Compliance Log Warehouse (CLW) appliance comes in as a way to automate and
simplify compliance reporting and to transform activity log data into actionable information to help prevent security breaches.
Part of the HP Secure Advantage Portfolio, the CLW collects, retains, correlates and analyzes event log data from across your infrastructure for enterprise-wide risk and compliance visibility.
HP improves that view by integrating the CLW with security solutions from our Secure Advantage partners, such as McAfee’s ePolicy Orchestrator (ePO) software, a security management platform used by many companies today. Here’s how it works:
In a two-way exchange of event log information, CLW continuously collects raw log data from a variety of McAfee solutions. In a “daily news” style, ePO requests the latest summary data from CLW, which displays reports on the ePO dashboard for ad-hoc analysis and investigation. By improving risk visibility into actual events happening on the network, such as credit card activity, the CLW can also help simplify Payment Card Industry (PCI) compliance.
By pre-integrating security solutions like these, HP helps reduce the cost and complexity of do-it-yourself integration projects, as well as the risks of security gaps.
Application security isn’t just about catching security defects in the development cycle or in isolated operational areas. And, it’s not about buying multiple tools that only complicate security management for today’s web applications.
That’s why we offer the HP Assessment Management Platform (AMP), part of the HP Application Security Center portfolio, as a more integrated approach to controlling application security.
This scalable, distributed scanning and enterprise application security platform is designed to extend web application security across the complete application lifecycle, so you can better manage application security risks across the enterprise.
As a foundation for security testing and scanning throughout application development, quality assurance and pre- and post-production environments, the AMP solution can greatly increase your visibility into the state of application security at any point in time.
By integrating AMP with your overall application lifecycle management process from the start, AMP can help you identify and address risks before they impact product release schedules and costs. In the production environment, AMP can continue to help maintain security by managing and automating regular scans of your entire web application environment, as well as the web services they provide, to uncover security vulnerabilities and deliver the remediation knowledge you need to protect your organization.
As the integration point for managing application security data across the business, the AMP platform can help you discover trends, understand problems and make more informed decisions about application risks that could threaten the business. Further, an enterprise-wide view of application risks can help you set, control and mandate security policies and regulatory compliance to increase accountability.
All this can help you decrease the risk, cost and complexity involved in protecting your applications, while helping to increase your application ROI.
Let the security experts at HP help you focus less on defending your enterprise and more on differentiating your business. With an integrated approach to security, HP Secure Advantage can help you open your business to opportunities, while you close security gaps.